I have a problem with the
<asp:SqlDataSource.The thing that I try to do is to create a SQLstatement.I am not sure if this can be done or not ( just started asp.net).
The problem is that is giving me an error that I can’t figure out.
-------------------------------------------------
Description:
An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Line 1: Incorrect syntax near '<'.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
First off - you're trying to use inline codeblocks, it seems, like in the old Classic ASP days. It's no longer done this way in ASP.Net. Since ASP.Net is event-driven, all code code is in event handlers (subs/functions). In this case, what you'd probably
need to do is to create/Dim some global variables in your page (outside any events), and inside the Page_Load event, assign the variable names, just like you did
Therefore, you would not use a code block segment, either, in the SelectCommand property of a SQLDataSource control. That is for the SQL statement or Stored Procedure name only.
Also - if you haven't heard about SQL Injection attacks, you need to learn now....instead of using concatenated SQL statements, the answer to SQL Injection attacks, in this case, is parameterized queries. Check out this 2 part tutorial on Parameterized Queries
at ASPNet101.com: http://aspnet101.com/aspnet101/tutorials.aspx?id=1
That being said, you can use a SQL statement (Select [Field list] from [Table name] where
Field1=@Field1 and
Field2=@Field2, etc
Then, inside your SQLDataSource, use the parameters section to assign where the data for each parameter is coming from.
nbgd_28
Member
15 Points
3 Posts
In line code in <asp:SqlDataSource
Jun 16, 2006 04:41 PM|LINK
Hi,
I have a problem with the <asp:SqlDataSource. The thing that I try to do is to create a SQL statement. I am not sure if this can be done or not ( just started asp.net).
Something like this:
<%
Dim Test1 As String
Dim Test2 As String
Dim Test3 As String
Dim Test4 As String
Test1 = Request("xmbr")
Test2 = Request("xSEL")
Test3 = Request("xpro")
Test4 = "SELECT [jedan], [dva], [tri], [cetiri], [pet] FROM [pet1] where " & (Test1) & " " & (Test2) & "'" & (Test3) & "'"
%>
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:FinGateConnectionString %>" SelectCommand="<%= Test4%>">
The problem is that is giving me an error that I can’t figure out.
-------------------------------------------------
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Line 1: Incorrect syntax near '<'.
Source Error:
-------------------------------------------------
Thanks.
Nbdg_28
augustwind
All-Star
35874 Points
4902 Posts
ASPInsiders
Moderator
Re: In line code in <asp:SqlDataSource
Jun 16, 2006 05:36 PM|LINK
First off - you're trying to use inline codeblocks, it seems, like in the old Classic ASP days. It's no longer done this way in ASP.Net. Since ASP.Net is event-driven, all code code is in event handlers (subs/functions). In this case, what you'd probably need to do is to create/Dim some global variables in your page (outside any events), and inside the Page_Load event, assign the variable names, just like you did
Therefore, you would not use a code block segment, either, in the SelectCommand property of a SQLDataSource control. That is for the SQL statement or Stored Procedure name only.
Also - if you haven't heard about SQL Injection attacks, you need to learn now....instead of using concatenated SQL statements, the answer to SQL Injection attacks, in this case, is parameterized queries. Check out this 2 part tutorial on Parameterized Queries at ASPNet101.com:
http://aspnet101.com/aspnet101/tutorials.aspx?id=1
That being said, you can use a SQL statement (Select [Field list] from [Table name] where Field1=@Field1 and Field2=@Field2, etc
Then, inside your SQLDataSource, use the parameters section to assign where the data for each parameter is coming from.
All Things Dot Net
Stored Procs and Code in a Flash!
ASP.Net Sitemap Creator
prince_princ...
Member
186 Points
80 Posts
Re: In line code in <asp:SqlDataSource
Jan 07, 2008 06:11 AM|LINK
Hi,
I'm trying to use inline code inside my sqldatasource..
<asp:Parameter Name="CREATION_DATE" Type="DateTime" DefaultValue= '<%System.DateTime.Now.ToString()%>' />
This gives me an error saying input string was not in correct format..
Could someone help me in this?